oAuth2 authentication of server API using NSURLSessions in ios

Question

Kindly bear with me if you find this question similar or not clear to the complete context, posting my first question, so I'll improve over as I get used to it. I have tried to search for similar problem statements to find close solution.

I have client id, secret, redirect URL given by my web server so that it can authenticate its API for usage using oauth2 authentication. So before using any of its web services, in the beginning client has to do an authorize-token handshake to receive a token to be supplied to API call.

In my IOS client application creating a NSURL with that like:

NSString* urlString = [NSString stringWithFormat:@"%@/oauth/authorize/?client_id=%@&response_type=code&redirect_uri=%@",myServerHostName, myAppClientId,myServerRedirectHostname];
NSURL *url = [NSURL URLWithString:urlString];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url cachePolicy:NSURLRequestUseProtocolCachePolicy timeoutInterval:60.0];
[request addValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"Content-Type"];
[request setValue:@"utf-8"  forHTTPHeaderField:@"charset"];
[request setHTTPMethod:@"POST"];

Creating a NSURLSession and NSURLSessionDataTask with appropriate parameters with above NSURLRequest:

NSURLSessionConfiguration *configuration = [NSURLSessionConfiguration defaultSessionConfiguration];
NSURLSession *session = [NSURLSession sessionWithConfiguration:configuration delegate:self delegateQueue:nil];

NSURLSessionDataTask *postDataTask = [session dataTaskWithRequest:request];
[postDataTask resume];

And have created a delegate redirect handler so I could grab the new redirect URL like:

- (void)URLSession:(NSURLSession *)session task:(NSURLSessionDataTask *)task willPerformHTTPRedirection:(NSHTTPURLResponse *)response newRequest:(NSURLRequest *)newRequest completionHandler:(void (^)(NSURLRequest *))completionHandler {

      //Doing stuff : Grab the new redirected URL to get the oauth2 code. from the URL.
}

Can this be a legitimate way of performing the oauth2 for authenticating API before their access/usage ?

Currently my server fails with throwing 500 as it gets the above request.

Completed 500 Internal Server Error in 14ms

NameError (undefined local variable or method `login_path' for #<Doorkeeper::AuthorizationsController:0x000001078c1560>)

But when I try this through the web : example using 'Advanced REST client', the client receives the redirect URL( with status code 302) successfully.

Answer 1

Figured it out later that the sending out request was absolutely correct, the server side was using the door-keeper gem implementation which intern redirected to signup link for authentication, as the redirection was failing hence the error 500 was being received. Such oauth2 authentication of any API cannot be done without the ideal user accounts.